views:

28

answers:

1

We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on.

While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password.

Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error.

Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

A: 

If this was IIS5.x then yes it's possible that the password update you performed did indeed change the anonymous account password.

If this was IIS6 then there are a number of pre-conditions that must be met before changing the password in IIS manager changes the password for the anonymous account. This MS knowledgebase article covers this is detail:

IIS 6.0: HOW TO: Configure IIS to Control the Anonymous Password (MS KB:332167)

In IIS7 this capability was retired.

Kev